8/7/2019 REPORT SNIFFER
http://slidepdf.com/reader/full/report-sniffer 1/32
INTELLIGENT SNIFFER
COMPUTER DEPT 1 DYPCOE AKURDI,PUNE
INTRODUCTION
___________________________________________________________________________
Enterprises in which all desktops have internet access need to be more vigilant about
network access, both from the internet to the intranet and from the intranet to the internet.
Middleware systems which allow internet access need to be more intelligent in avoiding
outages, hacking and spoofing. This project involves the creation of a packet analyzer with an
Artificial Intelligence based graphical web front end providing data visualization models for
traffic and usage analysis. The system will also be able to provide intrusion detection and
alarming capabilities.
1.1 Description
A packet sniffer is a device or program that allows eavesdropping on traffic traveling
between networked computers. The packet sniffer will capture data that is addressed to other
machines, saving it for later analysis. This application will pick up the data and generate
dynamic charts, which make the captured traffic easier to analyze. These live, data-driven
charts will be very helpful in analyzing packets sniffed on the internet.
These charts can look like:
Fig No 1.1:- Packet sniffing graphs
Chapter 1
Fig no 1.2 Statistic levels
All information that travels across a network is sent in "packets." For example, when
an email is sent from one computer to another, it is first broken up into smaller segments.
Each segment has the destination address attached, the source address, and other information
such as the number of packets and reassembly order. Once they arrive at the destination, the
packet's headers and footers are stripped away, and the packets reconstituted. In the example
of the simplest network where computers share an Ethernet wire, all packets that travel
between the various computers are "seen" by every computer on the network. A hub
broadcasts every packet to every machine or node on the network, and then a filter in each
computer discards packets not addressed to it. A packet sniffer disables this filter to capture
and analyze some or all packets traveling through the Ethernet wire, depending on the
sniffer's configuration.
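The following added example (not code from this report) models the shared-wire case described above: every frame reaches every host, the per-host filter drops frames addressed elsewhere, and a capture with the filter disabled can decode the headers and put the segments back in order. The MAC and IP addresses, the helper names and the three frames are constructed for illustration; multicast filtering and IP checksums are left out.

```python
import socket
import struct

BROADCAST = b"\xff" * 6
ETHERTYPE_IPV4 = 0x0800
IP_FMT = "!BBHHHBBH4s4s"          # fixed 20-byte IPv4 header


def build_frame(dst_mac, src_mac, src_ip, dst_ip, payload,
                ident=1, frag_offset=0, more_fragments=False):
    """Build a constructed Ethernet II + IPv4 frame (sample data, checksum left 0)."""
    flags_frag = (0x2000 if more_fragments else 0) | (frag_offset // 8)
    ip_header = struct.pack(IP_FMT, 0x45, 0, 20 + len(payload), ident, flags_frag,
                            64, 6, 0,
                            socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + ip_header + payload


def nic_accepts(frame, own_mac, promiscuous=False):
    """Per-host filter: keep frames for our MAC or broadcast, unless promiscuous."""
    dst = frame[:6]
    return promiscuous or dst == own_mac or dst == BROADCAST


def mac_text(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(frame):
    """Decode the Ethernet header and, for IPv4, the fields used for reassembly."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    info = {"dst_mac": mac_text(dst), "src_mac": mac_text(src), "ethertype": ethertype}
    if ethertype != ETHERTYPE_IPV4:
        return info
    if len(frame) < 34:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, ident, flags_frag,
     _ttl, proto, _csum, src_ip, dst_ip) = struct.unpack(IP_FMT, frame[14:34])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or len(frame) < 14 + total_len:
        raise ValueError("malformed IPv4 header")
    info.update(src_ip=socket.inet_ntoa(src_ip), dst_ip=socket.inet_ntoa(dst_ip),
                protocol=proto, ident=ident,
                more_fragments=bool(flags_frag & 0x2000),
                frag_offset=(flags_frag & 0x1FFF) * 8,
                payload=frame[14 + ihl:14 + total_len])
    return info


def capture(frames, own_mac, promiscuous=False):
    """Frames a host on the shared wire hands to its software, already parsed."""
    return [parse_frame(f) for f in frames if nic_accepts(f, own_mac, promiscuous)]


def reassemble(packets):
    """Join fragments per (src, dst, ident); incomplete datagrams are left out."""
    groups = {}
    for p in packets:
        if "ident" in p:
            groups.setdefault((p["src_ip"], p["dst_ip"], p["ident"]), []).append(p)
    complete = {}
    for key, frags in groups.items():
        frags.sort(key=lambda p: p["frag_offset"])
        expected = 0
        for f in frags:
            if f["frag_offset"] != expected:      # gap: a fragment was not seen
                break
            expected += len(f["payload"])
        else:
            if not frags[-1]["more_fragments"]:   # last fragment really is last
                complete[key] = b"".join(f["payload"] for f in frags)
    return complete


# Constructed sample: host A mails host B in two fragments (sent out of order),
# plus one broadcast. Host C is a third machine on the same wire.
MAC_A = bytes.fromhex("020000000001")
MAC_B = bytes.fromhex("020000000002")
MAC_C = bytes.fromhex("020000000003")
MESSAGE = b"Subject: hello\r\nbody-of-mail"
SAMPLE_FRAMES = [
    build_frame(MAC_B, MAC_A, "10.0.0.1", "10.0.0.2", MESSAGE[16:],
                ident=7, frag_offset=16),
    build_frame(BROADCAST, MAC_A, "10.0.0.1", "10.0.0.255", b"announce", ident=8),
    build_frame(MAC_B, MAC_A, "10.0.0.1", "10.0.0.2", MESSAGE[:16],
                ident=7, more_fragments=True),
]

if __name__ == "__main__":
    for mode in (False, True):
        seen = capture(SAMPLE_FRAMES, MAC_C, promiscuous=mode)
        print("promiscuous" if mode else "normal", len(seen), reassemble(seen))
```

With the filter on, host C only receives the broadcast; with it off, the same host recovers the whole message, which is why cleartext protocols on a shared segment should be treated as readable by every attached machine.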
A packet sniffer is not just a hacker's tool. It can be used for network troubleshooting
and other useful purposes. However, in the wrong hands, a packet sniffer can capture sensitive
personal information that can lead to invasion of privacy, identity theft, and other serious
eventualities.
Chapter 2
LITERATURE SURVEY
_______________________________________________________
The past five years have witnessed the emergence of comprehensive efforts to improve the
security of information systems and networks. A recent survey by the OECD demonstrates
that governments have developed national policy frameworks as well as partnerships with the
private sector and civil society around combating cybercrime, developing Computer Security
Incident Response Teams (CSIRTs), raising awareness, information sharing, fostering
education and other initiatives.
During the same period, security threats have increasingly captured the public's attention –
fueled by new attack trends on the Internet, terrorism warnings, rising cybercrime and our
growing reliance on the Internet and other communication networks in virtually all aspects of
our lives. An increasingly powerful threat is posed by so-called "malware" – commonly
defined as malicious software that is inserted into an information system, usually covertly,
with the intent of compromising the confidentiality, integrity, or availability of the victim's
data, applications, or operating system or otherwise annoying or disrupting the victim's
system or other systems (Mell et al. 2005, p. ES-1). Typical forms of malware include viruses,
worms, Trojans, key loggers and malicious mobile code.
The effects of malware have increased significantly in the last few years, forcing us to rethink
the way in which information security is pursued. For governments, increasing public
attention implies increasing political pressure to intensify their actions, beyond the initiatives
already underway. The question is: When and how? What policies and initiatives are needed
How to improve cybersecurity is hardly a straightforward question. Notwithstanding rapidly
growing investments in security measures, it has become clear that cybersecurity is a
technological arms race that will not be decided in the immediate future. Take spam, for
instance. Several years ago, so-called open e-mail relays were a major source of spam. ISPs
and other actors developed measures to collectively combat open relays, such as blacklisting
By the time the adoption of these measures reached a critical mass, spammers had already
shifted their tactics. As a result, the significant reduction in the number of open relays had
hardly any impact on the amount of spam. More recently, the industry debated the use of
Sender Policy Framework (SPF) as a way to combat the forging of the sender's mail
addresses – a typical property of spam messages. While the industry was still discussing the
merits of SPF, spammers were already successfully abusing SPF as a means to get even more
messages past spam filters. The list of examples goes on and on.
While many would agree that cybersecurity needs to be strengthened, the effectiveness of
many security measures is uncertain and contested, to say the least. Furthermore, security
measures may also impede innovation and productivity. It is easy to forget that while the
internet has enabled an extraordinary wave of technological innovation and productivity
growth, it is also susceptible to significant security threats. The benefits of the latter often
outweigh the costs of the former – as in the case of online credit card transactions. From the
very start, credit card companies have struggled with rising fraud. That hasn't stopped them
from expanding their online business. The benefits of that growth were consistently higher
than the costs of the increase in fraud that came with it. Rather than implementing far-reaching
security measures that would restrict the usefulness of the system, they've adopted strategies
to fight instances of fraud, up until the point where the costs of further reductions in fraud are
higher than the remaining damages.
All this means that total security is neither achievable nor desirable. Actors need to make their
own tradeoffs regarding what kind of security measures they deem appropriate and rational,
given their business model. Clearly, these business models are very different for actors in the
different niches of the complex ecosystem surrounding information systems and networks –
In other words, many instances of what could be conceived as security failures are in fact the
outcome of rational economic decisions, given the costs and benefits facing the actors
involved. What is needed, then, is a better understanding of these costs and benefits – in short:
of the economics of cybersecurity. This report outlines a research project to this aim,
considering options for OECD member countries with respect to new policies, as well as
providing a better foundation for the public-private partnerships set up to deal with
cybersecurity.
Research in the field of cybersecurity is undergoing a major paradigm shift. More and more
researchers are adopting economic approaches to study cybersecurity, shifting emphasis away
from a focus on technological causes and solutions. Most of this innovative research has yet
to find its way into the realm of policymakers, let alone into the policies themselves. While
reports like the OECD survey on the culture of security (OECD, 2005) generally recognize
that there is more to cybersecurity than technology, the proposed measures are still mostly
oriented in that direction: developing technological responses and efforts to stimulate their
adoption. Think of initiatives to promote authentication, encryption and Trusted Third Parties,
awareness campaigns urging people to improve the security of their systems, certification
schemes tied to security standards, and clearinghouses for information on security threats and
their remedies such as CERTs.
Notwithstanding the necessity of these initiatives, they typically ignore the economics of
cybersecurity – i.e., the underlying economic incentive structure. As Anderson and Moore
(2006, p. 610) have argued, "over the past 6 years, people have realized that security failure is
caused at least as often by bad incentives as by bad design." Many of the problems of
information security can be explained more clearly and convincingly using the language of
microeconomics: network effects, externalities, asymmetric information, moral hazard,
adverse selection, liability dumping and the tragedy of the commons. Within this literature,
the incentives that stimulate efficient behavior are central.
We can see the power of incentive structures around security threats everywhere. Take the
distribution of viruses and other malware. During the second part of the nineties, when the
scale of virus distribution was rapidly increasing and many end users (home, corporate,
governmental) were affected, most ISPs argued that virus protection was the responsibility of
the end users themselves. The computer was their property, after all. They further argued that
they couldn't scan the traffic coming through their e-mail servers, because that would invade
the privacy of the end user. The mail message was also considered the property of the end
user. About five years ago, this started to change. The spread of viruses and worms had grown
exponentially and now the infrastructures of the ISPs themselves were succumbing to the
load. ISPs radically shifted their position in response. Within a few years, the majority of
them started to scan incoming e-mail traffic and delete traffic that they identified as
malignant. The effects of the property rights had been extended: the property rights of the
infrastructure now gave the incentive to invest in fighting malware. One could view this as an
example of an invisible hand: self-interested behavior of ISPs led to a more thorough defense
against email-based viruses and increasing net social benefits.
In many cases, an economic perspective on cybersecurity – and malware in particular –
provides us with more powerful analysis and a fruitful starting point for new governmental
policies: incentive structures and market externalities. This report sets out to develop this
perspective, building on the innovative research efforts of the past six years. More work is
needed, however. As we will see, most of the research so far has been based on the methods
of neoclassical and new institutional economics. While powerful, these methods are based on
rather stringent assumptions about how actors behave – such as their rationality, their security
tradeoffs and the kind of information they have – and how they interact with their institutional
environment.
We discuss the implications of these neoclassical and new institutional approaches in more
detail in the next chapter. For now, we briefly mention three limitations: (1) they provide
limited insight into how actors actually perceive the cost, benefits and incentives they face;
(2) they have difficulties taking into account dynamic and learning effects, such as how a loss
of reputation changes the incentives an actor experiences; and (3) they treat issues of
institutional design as somewhat trivial. That is to say, the literature assumes that its models
can indicate what market design is optimal, that this design can be brought into existence at
will and that actors will behave as the model predicts. If the past decade of economic reforms –
such as privatization, liberalization and deregulation – have taught us anything, it is that designing
markets is highly complicated and sensitive to context. It cannot be based on formal
theoretical models alone. Institutional design requires an in-depth empirical understanding of
current institutional structures.
2.1 Principles
There were five primary goals in the creation of the Java language:
1. It should be "simple, object oriented, and familiar".
2. It should be "robust and secure".
3. It should be "architecture neutral and portable".
4. It should execute with "high performance".
5. It should be "interpreted, threaded, and dynamic".
2.1.1 The Swing Components
Include everything from buttons to split panes to tables.
2.1.2 Pluggable Look and Feel Support
Gives any program that uses Swing components a choice of looks and feels. For
example, the same program can use either the Java(TM) look and feel or the Windows
look and feel. We expect many more look-and-feel packages -- including some that
use sound instead of a visual "look" -- to become available from various sources.
2.1.3 Accessibility API
Enables assistive software such as screen readers and Braille displays to get
information from the user interface.
2.1.4 Java 2D(TM) API (Java 2 Platform only)
Enables developers to easily incorporate high-quality 2D graphics, text, and images in
applications and in applets.
2.1.5 Drag and Drop Support (Java 2 Platform only)
Provides the ability to drag and drop between a Java application and a native
application.
The first three JFC features were implemented without any native code, relying only on the
API defined in JDK 1.1. As a result, they could and did become available as an extension to
JDK 1.1. This extension was released as JFC 1.1, which is sometimes called "the Swing
release." The API in JFC 1.1 is often called "the Swing API."
Note: "Swing" was the codename of the project that developed the new components.
Although it's an unofficial name, it's frequently used to refer to the new components and
related API. It's immortalized in the package names for the Swing API, which begin with
javax.swing.
This trail concentrates on the Swing components. We help you choose the appropriate ones
for your GUI, tell you how to use them, and give you the background information you need to
use them effectively. We discuss the Pluggable look and feel and Accessibility support when
they affect how you write programs that use Swing components.
2.2 Which Releases Contain the Swing API?
The Swing API is available in two forms:
• As a core part of the Java 2 Platform (standard edition of either v 1.2 or v 1.3)
• JFC 1.1 (for use with JDK 1.1)
Which release you use depends on whether you need to use JDK 1.1 or the Java 2
Platform, and on whether you're willing to be a beta tester for SDK v 1.3. It's a bit simpler to
use the Java 2 Platform because the JFC is built into the Java 2 Platform and you don't need
to add libraries to be able to use the Swing API. However, if you need to use JDK 1.1, then
adding the Swing API (using JFC 1.1) isn't difficult. This trail describes the Swing 1.1 API,
which is the version present in the Java 2 Platform v 1.2 and in the release called "JFC 1.1
(with Swing 1.1)." Except where noted, the code in this trail works unchanged with either
release and subsequent compatible releases, such as SDK v 1.3 and JFC 1.1 (with
Swing 1.1.1).
Sun has released many versions of JFC 1.1, which are identified by the version of
Swing API they contain. One previous version, for example, was called "JFC 1.1 (with
Swing 1.0.3)." The last JFC 1.1 release was Swing version 1.1.1. It had the same API as
Swing 1.1, but added many bug fixes, some performance improvements, and a few new
capabilities such as HTML text in labels that required no API changes.
The following table shows some of the important releases containing Swing API. Bold font
indicates the releases typically used in shipping products.
2.2.1 What Swing Packages Should I Use?
The Swing API is powerful, flexible -- and immense. For example, the 1.1 version of the API
has 15 public packages: javax.accessibility, javax.swing, javax.swing.border,
javax.swing.colorchooser, javax.swing.event, javax.swing.filechooser, javax.swing.plaf,
javax.swing.plaf.basic, javax.swing.plaf.metal, javax.swing.plaf.multi, javax.swing.table,
javax.swing.text, javax.swing.text.html, javax.swing.tree, and javax.swing.undo.
Fortunately, most programs use only a small subset of the API. This trail sorts out the API for
you, giving you examples of common code and pointing you to methods and classes you're
likely to need. Most of the code in this trail uses only one or two Swing packages:
• javax.swing
• javax.swing.event (not always required)
2.2.2 How Are Swing Components Different from AWT Components?
The AWT components are those provided by the JDK 1.0 and 1.1 platforms. Although
the Java 2 Platform still supports the AWT components, we strongly encourage you to use
Swing components instead. You can identify Swing components because their names start
with J. The AWT button class, for example, is named Button, while the Swing button class is
named JButton. Additionally, the AWT components are in the java.awt package, while the
Swing components are in the javax.swing package.
The biggest difference between the AWT components and Swing components is that
the Swing components are implemented with absolutely no native code. Since Swing
components aren't restricted to the least common denominator -- the features that are present
on every platform -- they can have more functionality than AWT components. Because the
Swing components have no native code, they can be shipped as an add-on to JDK 1.1, in
addition to being part of the Java 2 Platform.
Even the simplest Swing components have capabilities far beyond what the AWT
components offer:
• Swing buttons and labels can display images instead of, or in addition to, text.
• You can easily add or change the borders drawn around most Swing components. For
  example, it's easy to put a box around the outside of a container or label.
• You can easily change the behavior or appearance of a Swing component by either
  invoking methods on it or creating a subclass of it.
• Swing components don't have to be rectangular. Buttons, for example, can be round.
• Assistive software such as screen readers can easily get information from Swing
  components. For example, a tool can easily get the text that's displayed on a button or
  label.
Swing lets you specify which look and feel your program's GUI uses. By contrast, AWT
components always have the look and feel of the native platform.
Another interesting feature is that Swing components with state use models to keep the state.
A JSlider, for instance, uses a BoundedRangeModel object to hold its current value and range
of legal values. Models are set up automatically, so you don't have to deal with them unless
you want to take advantage of the power they can give you.
If you're used to using AWT components, you need to be aware of a few gotchas when using
Swing components:
• Programs should not, as a rule, use "heavyweight" components alongside Swing
  components. Heavyweight components include all the ready-to-use AWT components
  (such as Menu and ScrollPane) and all components that inherit from the AWT Canvas
  and Panel classes. This restriction exists because when Swing components (and all
  other "lightweight" components) overlap with heavyweight components, the
  heavyweight component is always painted on top.
• Swing components aren't thread safe. If you modify a visible Swing component --
  invoking its setText method, for example -- from anywhere but an event handler, then
  you need to take special steps to make the modification execute on the
  event-dispatching thread. This isn't an issue for many Swing programs, since
  component-modifying code is typically in event handlers.
• The containment hierarchy for any window or applet that contains Swing components
  must have a Swing top-level container at the root of the hierarchy. For example, a
  main window should be implemented as a JFrame instance rather than as a Frame
  instance.
• You don't add components directly to a top-level container such as a JFrame. Instead,
  you add components to a container (called the content pane) that is itself contained by
  the JFrame.
2.3 What Is Java?
Java is two things: a programming language and a platform.
2.3.1 The Java Programming Language
Java is a high-level programming language that is all of the following:
Simple             Architecture-neutral
Object-oriented    Portable
Distributed        High-performance
Interpreted        Multithreaded
Robust             Dynamic
Secure
You translate a Java program into an intermediate language called Java bytecode--the
platform-independent codes interpreted by the Java interpreter. With an interpreter, each Java
bytecode instruction is parsed and run on the computer. Compilation happens just once;
interpretation occurs each time the program is executed. This figure illustrates how this
works.
Fig no 2.1 Process of compilation
You can think of Java bytecodes as the machine code instructions for the Java Virtual
Machine (Java VM). Every Java interpreter, whether it's a Java development tool or a Web
browser that can run Java applets, is an implementation of the Java VM. The Java VM can
also be implemented in hardware.
Java bytecodes help make "write once, run anywhere" possible. You can compile your Java
program into bytecodes on any platform that has a Java compiler. The bytecodes can then be
run on any implementation of the Java VM. For example, the same Java program can run on
Windows NT, Solaris, and Macintosh.
Fig no:2.2 working of compiler
2.3.2 The Java Platform
A platform is the hardware or software environment in which a program runs. The Java
platform differs from most other platforms in that it's a software-only platform that runs on
top of other, hardware-based platforms. Most other platforms are described as a combination
of hardware and operating system.
The Java platform has two components:
• The Java Virtual Machine (Java VM)
• The Java Application Programming Interface (Java API)
You've already been introduced to the Java VM. It's the base for the Java platform and is
ported onto various hardware-based platforms.
The Java API is a large collection of ready-made software components that provide many
useful capabilities, such as graphical user interface (GUI) widgets. The Java API is grouped
into libraries (packages) of related components.
The following figure depicts a Java program, such as an application or applet, that's running
on the Java platform. As the figure shows, the Java API and Virtual Machine insulate the
Java program from hardware dependencies.
As a platform-independent environment, Java can be a bit slower than native code. However,
smart compilers, well-tuned interpreters, and just-in-time bytecode compilers can bring Java's
performance close to that of native code without threatening portability.
2.4 What Can Java Do?
Probably the most well-known Java programs are Java applets. An applet is a Java program
that adheres to certain conventions that allow it to run within a Java-enabled browser. At the
beginning of this trail is an applet that displays an animation of Java's mascot, Duke, waving
at you.
However, Java is not just for writing cute, entertaining applets for the World Wide Web
("Web"). Java is a general-purpose, high-level programming language and a powerful
software platform. Using the generous Java API, you can write many types of programs.
The most common types of programs are probably applets and applications, where a
Java application is a standalone program that runs directly on the Java platform. A special
kind of application known as a server serves and supports clients on a network. Examples of
servers include Web servers, proxy servers, mail servers, print servers, and boot servers.
Another specialized program is a servlet. Servlets are similar to applets in that they are
runtime extensions of applications. Instead of working in browsers, though, servlets run
within Java servers, configuring or tailoring the server.
How does the Java API support all of these kinds of programs? With packages of software
components that provide a wide range of functionality. The core API is the API included in
every full implementation of the Java platform. The core API gives you the following
features:
• The Essentials: Objects, strings, threads, numbers, input and output, data
  structures, system properties, date and time, and so on.
• Applets: The set of conventions used by Java applets.
• Networking: URLs, TCP and UDP sockets, and IP addresses.
• Internationalization: Help for writing programs that can be localized for users
  worldwide. Programs can automatically adapt to specific locales and be
  displayed in the appropriate language.
• Security: Both low-level and high-level, including electronic signatures,
  public/private key management, access control, and certificates.
• Software components: Known as JavaBeans, can plug into existing
  component architectures such as Microsoft's OLE/COM/Active-X architecture,
  OpenDoc, and Netscape's Live Connect.
• Object serialization: Allows lightweight persistence and communication via
  Remote Method Invocation (RMI).
• Java Database Connectivity (JDBC): Provides uniform access to a wide
  range of relational databases.
Java not only has a core API, but also standard extensions. The standard extensions define
APIs for 3D, servers, collaboration, telephony, speech, animation, and more.
Chapter 3
PROJECT PLANNING
__________________________________________________________________________
The development of an application will be on J2EE software, MySQL database
server & Apache tomcat server.
3.1 Project Process Management
Project Process Management means management of all activities throughout the
development of whole project. In terms of Software Engineering Project Process
Management is similar to Software Development Lifecycle (SDLC). We would be
following the incremental Software Development model. Please note the project itself
involves working with the first phase only.
Fig no 3.1 The incremental model
Fig no 3.2 Gantt Chart
Chapter 4
SOFTWARE REQUIREMENT SPECIFICATION
The software requirement specification is produced at the culmination of the
analysis task. The function and performance allocated to software as part of system
engineering are refined by establishing a complete information description, a detailed
functional description, a representation of system behavior, an indication of performance
requirement and design constraints, appropriate validation criteria, and other information
pertinent to requirement.
The introduction to software requirements specification states the goals and objectives of the
software, describing it in the context of the computer based system. The Information
Description provides a detailed description of the problem that the software must solve.
Information content, flow and structure are documented. A description of each function
required to solve the problem is presented in the Functional Description.
Validation Criteria is probably the most important and ironically the most often neglected
section of the software requirement specification.
Software requirement specification can be used for different purpose. Here are the major uses.
Statement of user needs:
A main purpose of the product specification is to define the needs of the product's user.
Sometimes, the specification may be part of a contract signed between the producer and the
user. It could also form part of the user manuals. A user's needs are sometimes not clearly
understood by the developer. If this is the case, a careful analysis, involving much
interaction with the user, should be devoted to reaching a clear statement of requirements, in
order to avoid possible misunderstandings.
Sometimes, at the beginning of a project, even the user has no clear idea of what exactly the
desired product is. Think for instance of the user interface: a user with no previous experience
with computer products may not appreciate the difference between, say, menu driven
interaction and a command line interface. Even an exact formulation of system functions and
performance may be missing from an initial description produced by an inexperienced user.
A statement of the requirements for the implementation:
Specifications are also used as a reference point during product implementation. In fact,
the ultimate goal of the implementation is to build a product that meets the specification. Thus
the implementers use specifications during design to make design decisions and during the
verification activity to check that the implementation complies with the specifications.
Chapter 5
SOFTWARE DESIGN
_____________________________________________________
Software design is the first of three technical activities – design, code generation and test – that
are required to build and verify the software. Each activity transforms information in a manner
that ultimately results in validated computer software.
The design task produces a data design, an architectural design, an interface design and
component design.
The design of an information system produces the details that clearly describe how a system
will meet the requirements identified during system analysis. The system design process is not
a step by step adherence to clear procedures and guidelines. When I started working on
system design, I faced different types of problems; many of these were due to constraints
imposed by the user or limitations of the hardware and software available. Sometimes it was
quite difficult to enumerate the complexity of the problems and solutions thereof, since the
variety of likely problems is so great and no solutions are exactly similar; however, the
following considerations I kept in mind during the design phase.
Design objectives:-
The primary objective of the design is to deliver the requirements as specified in the
feasibility report. These are the some of the objectives, which I kept in mind.
Practicality: The system is quite stable and can be operated by the people with
average intelligence.
Efficiency: I tried to involve accuracy, timeliness and comprehensiveness of
the system output.
Cost: It is desirable to aim for the system with a minimum cost subject to the
condition that it must satisfy the entire requirement.
Flexibility: I have tried that the system should be modifiable depending on the
changing needs of the user. Such modifications should entail extensive
reconstructing or recreation of software. It should also be portable to different
computer systems.
Security: This is a very important aspect which I followed in this design
phase and tried to cover the areas of hardware reliability, fallback procedures,
and physical security of data.
Runtime Environment
Eclipse Web Server requirements
MySql Webs Server & Apache tomcat server
Browser requirements
Mozilla Firefox or Internet Explorer
Desktop Software Requirements
JpCap or similar Packet Analysis Library
Java/J2EE ApacheTomcat
Fusion Charts Library
ExtJS and Flash
Fig no 5.1 working of Sniffer
A Denial of Service (DoS) attack is most widely used for this purpose. In a DoS attack the
intruder blocks or exhausts network resources, so that the authenticated users will be unable to
use the services provided by the network.
The Proposed SNIFFER should be a self contained system. It should not be dependent on the
other application software for detecting attacks done on the system. Intrusion Detection
Prevention System should have its own network packet analyzer.
Chapter 6
IMPLEMENTATION
_______________________________________________________
This Project involves the following
Design and Development of a middleware system which provides the following
• Proxy and Relay Services
• Packet capture and analysis service
• Route detection and networking services
• Firewall Services
Design and Development of an Intrusion detection system which provides checks for
• ICMP flood
• Teardrop attacks
• Permanent denial-of-service attacks
• Application level floods
• Nuke
• Degradation-of-service attacks
• Unintentional denial of service
• Blind denial of service
Configurable parameters for the various levels of Attacks being executed
Design and Development of Business Analytics based Web Monitoring Tool which
provides the following
• Graphical real-time insight into the flow of Data and Network Packets client wise
• Real time In memory Info pads and Grids
• Ability to monitor network traffic and usage
• Ability to terminate malicious connections
• Ability to generate reports and graphs for
    Intrusion attempts
    Network Usage
    Protocol Mappings
• Ability to generate historical reports on Network Usage and, using Artificial intelligence, allow administrators to depict network usage scenarios in upcoming weeks
• Ability to define rules for accessing outside networks/protocol usage based on time of the day
• Ability to find error prone packets
• Ability to firewall Denial of Service Attacks, SYN Attacks
• Integration with Google Maps to roughly point the origin of a packet/communication on Maps
• Ability to visualize the routers, machines etc. in the vicinity
• SMS and Email based notification in case attacks are detected
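One way the flood checks and the configurable attack parameters listed above could work, shown as an added example that is not the project's own code: a per-source sliding-window counter for ICMP echo requests and bare TCP SYNs. The record fields, threshold values and addresses are constructed assumptions.

```python
from collections import defaultdict, deque

# Assumed tunables (constructed for this demo): max packets one source may
# send per category inside a sliding window before an alert is raised.
WINDOW_MS = 1000
THRESHOLDS = {"icmp_echo": 5, "tcp_syn": 5}


def classify(pkt):
    """Map a decoded packet record to a flood category, or None."""
    if pkt["proto"] == "icmp" and pkt.get("icmp_type") == 8:  # echo request
        return "icmp_echo"
    # A bare SYN (no ACK) opens a connection; SYN floods send many of them.
    if pkt["proto"] == "tcp" and pkt.get("flags") == "S":
        return "tcp_syn"
    return None


def detect_floods(packets, window_ms=WINDOW_MS, thresholds=THRESHOLDS):
    """Return sorted (src, category, first_alert_ms) for sources over threshold."""
    recent = defaultdict(deque)  # (src, category) -> timestamps still in window
    alerts = {}
    for pkt in sorted(packets, key=lambda p: p["ts"]):
        cat = classify(pkt)
        if cat is None:
            continue
        key = (pkt["src"], cat)
        seen = recent[key]
        seen.append(pkt["ts"])
        while pkt["ts"] - seen[0] > window_ms:  # expire old timestamps
            seen.popleft()
        if len(seen) > thresholds[cat] and key not in alerts:
            alerts[key] = pkt["ts"]
    return sorted((src, cat, ts) for (src, cat), ts in alerts.items())


def sample_packets():
    """Constructed records (documentation addresses, timestamps in ms)."""
    pkts = [{"ts": i * 1000, "src": "192.0.2.10", "proto": "icmp", "icmp_type": 8}
            for i in range(3)]                      # normal: one ping per second
    pkts += [{"ts": 2000 + i * 10, "src": "198.51.100.7", "proto": "icmp",
              "icmp_type": 8} for i in range(20)]   # 20 echo requests in 0.2 s
    pkts += [{"ts": 3000 + i * 50, "src": "203.0.113.9", "proto": "tcp",
              "flags": "S"} for i in range(10)]     # 10 bare SYNs in 0.5 s
    pkts.append({"ts": 3100, "src": "192.0.2.10", "proto": "tcp", "flags": "SA"})
    return pkts


if __name__ == "__main__":
    for alert in detect_floods(sample_packets()):
        print(alert)
```

Raising a threshold in `THRESHOLDS` makes that check less sensitive; the normal client, which pings once per second, never triggers an alert at the demo settings.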
6.1 Architecture
Fig no 6.1 Architecture diag
Existing Sniffers
This application will show visualized packet sniffing using Fusion Charts. The following
packet sniffers already exist but do not give the visualized effects of
packet sniffing.
Wireshark : Sniffing the glue that holds the Internet together
Kismet : A powerful wireless sniffer
Tcpdump : The classic sniffer for network monitoring and data acquisition
Cain and Abel : The top password recovery tool for Windows
Ettercap : In case you still thought switched LANs provide much extra security
Dsniff : A suite of powerful network auditing and penetration-testing tools
NetStumbler : Free Windows 802.11 Sniffer
Ntop : A network traffic usage monitor
Ngrep : Convenient packet matching & display
EtherApe : EtherApe is a graphical network monitor for Unix modeled after etherman
KisMAC : A GUI passive wireless stumbler for Mac OS X
Advantages & Disadvantages of Packet Filters
Advantages
Easy to install
Packet filters make use of current network routers. Therefore implementing a
packet filter security system is typically less complicated than other network
security solutions.
Supports High Speed
With simple network configurations, packet filters can be fast. Since there is a
direct connection between internal users and external hosts, data can be
transmitted at high speeds.
Makes Security Transparent to End-Users
Because packet filters work at the level of the network router, filtering is
transparent to the end-user. That makes using client applications much easier.
Disadvantages
• Leaves Data Susceptible to Exposure
With packet filtering, users connect directly from network to network. Direct
connections leave data susceptible to exposure. Hackers can use a packet sniffer to
access information, such as a user address, from the data stream, and network security
can be compromised.
• Offers Little Flexibility
Creating complex access rules with packet filters can be
difficult. With segmented local-area networks (LAN), it's almost impossible to
configure rule sets for users with different access privileges.
Usage of Intelligent Sniffer
The versatility of intelligent sniffers means they can be used to
Analyze network problems
Detect network intrusion attempts
Detect network misuse by internal and external users
Document regulatory compliance through logging all perimeter and endpoint traffic
Gain information for effecting a network intrusion
Isolate exploited systems
Monitor WAN bandwidth utilization
Monitor network usage (including internal and external users and systems)
Monitor data-in-motion
Monitor WAN and endpoint security status
Gather and report network statistics
Filter suspect content from network traffic
Serve as primary data source for day-to-day network monitoring and management
Spy on other network users and collect sensitive information such as passwords
(depending on any content encryption methods which may be in use)
Reverse engineer proprietary protocols used over the network
Debug client/server communications
Debug network protocol implementations
Verify adds, moves and changes
Verify internal control system effectiveness (firewalls, access control, Web filter,
Spam filter, proxy)
Packet Analytics Platform
A packet analytics Platform is an intelligent system that can intercept and log traffic passing
over a digital network or part of a network. As data streams flow across the network, the
analyzer captures each packet and, if needed, decodes and analyzes its content according to
the appropriate RFC or other specifications.
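The decode step described above, as an added example that is not the project's code: it parses Ethernet II, IPv4 (RFC 791) and TCP headers from raw bytes and verifies the IPv4 header checksum, which is one way an analyzer can flag erroneous packets. The sample frame, MAC addresses and IP addresses are constructed.

```python
import socket
import struct


def ipv4_checksum_ok(header: bytes) -> bool:
    """RFC 791: one's-complement sum of all 16-bit header words is 0xFFFF."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF


def decode_frame(frame: bytes) -> dict:
    """Decode Ethernet II + IPv4 + TCP headers, rejecting truncated input."""
    if len(frame) < 14 + 20:
        raise ValueError("frame too short for Ethernet + IPv4")
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("EtherType is not IPv4")
    ip = frame[14:]
    version, ihl = ip[0] >> 4, (ip[0] & 0x0F) * 4  # IHL counts 32-bit words
    if version != 4 or ihl < 20 or len(ip) < ihl:
        raise ValueError("bad IPv4 version or header length")
    info = {
        "src": socket.inet_ntoa(ip[12:16]),
        "dst": socket.inet_ntoa(ip[16:20]),
        "proto": ip[9],
        "ttl": ip[8],
        "checksum_ok": ipv4_checksum_ok(ip[:ihl]),
    }
    if info["proto"] == 6:  # TCP
        tcp = ip[ihl:]
        if len(tcp) < 20:
            raise ValueError("truncated TCP header")
        sport, dport, seq, _ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
        bits = (("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04), ("PSH", 0x08), ("ACK", 0x10))
        info.update(sport=sport, dport=dport, seq=seq,
                    flags=[name for name, bit in bits if off_flags & bit])
    return info


# Constructed sample: a SYN from 192.0.2.10:49152 to 198.51.100.7:80.
SAMPLE = bytes.fromhex(
    "020000000001" "020000000002" "0800"             # Ethernet II
    "45000028" "00010000" "40068e8a"                 # IPv4, TTL 64, proto 6
    "c000020a" "c6336407"                            # src, dst
    "c0000050" "00000001" "00000000" "50027210" "00000000"  # TCP, SYN
)
# Same frame with the TTL byte altered and the checksum left stale.
CORRUPT = SAMPLE[:22] + b"\x3f" + SAMPLE[23:]
```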
Because of the versatility of the Packet analyzers they can be used to
Analyze network problems
Detect network intrusion attempts
Gain information for effecting a network intrusion
Monitor network usage
Gather and report network statistics
Filter suspect content from network traffic
Spy on other network users and collect sensitive information such as passwords
(depending on any content encryption methods which may be in use)
Reverse engineer proprietary protocols used over the network
Debug client/server communications
Debug network protocol implementations
A packet sniffer, sometimes referred to as a network monitor or network analyzer, can be used
legitimately by a network or system administrator to monitor and troubleshoot network traffic.
Using the information captured by the packet sniffer an administrator can identify erroneous
packets and use the data to pinpoint bottlenecks and help maintain efficient network data
transmission. In its simple form a packet sniffer simply captures all of the packets of data that
pass through a given network interface. Typically, the packet sniffer would only capture
packets that were intended for the machine in question. However, if placed into promiscuous
mode, the packet sniffer is also capable of capturing ALL packets traversing the network
regardless of destination.
By placing a packet sniffer on a network in promiscuous mode, a malicious intruder can
capture and analyze all of the network traffic. Within a given network, username and
password information is generally transmitted in clear text which means that the information
would be viewable by analyzing the packets being transmitted. A packet sniffer can only
capture packet information within a given subnet. So, it's not possible for a malicious
attacker to place a packet sniffer on their home ISP network and capture network traffic from
inside your corporate network (although there are ways that exist to more or less "hijack"
services running on your internal network to effectively perform packet sniffing from a
remote location). In order to do so, the packet sniffer needs to be running on a computer that
is inside the corporate network as well. However, if one machine on the internal network
becomes compromised through a Trojan or other security breach, the intruder could run a
packet sniffer from that machine and use the captured username and password information to
compromise other machines on the network.
Detecting rogue packet sniffers on your network is not an easy task. By its very nature the
packet sniffer is passive. It simply captures the packets that are traveling to the network
interface it is monitoring. That means there is generally no signature or erroneous traffic to
look for that would identify a machine running a packet sniffer. There are ways to identify
network interfaces on your network that are running in promiscuous mode though and this
might be used as a means for locating rogue packet sniffers.
If you are one of the good guys and you need to maintain and monitor a network, I
recommend you become familiar with network monitors or packet sniffers such as Ethereal.
Learn what types of information can be discerned from the captured data and how you can
put it to use to keep your network running smoothly. But, also be aware that users on your
network may be running rogue packet sniffers, either experimenting out of curiosity or with
malicious intent, and that you should do what you can to make sure this does not happen.
Chapter 7
CONCLUSION
_______________________________________________________
The future of these intelligent sniffers is very promising. The advantages of this
software far outweigh the advantages of the existing software. Future sniffers will be
very fast in operation and they will be very cheap.
This software is being supported by many big companies so it might be available in the
next few years. This software aims to fulfill the needs and demands along with maintaining
lower costs and high quality. It has to prove itself before mass production begins.
The previous sections explained recently developing projects which have the potential to
replace normal sniffers with intelligent sniffers, but before trying any new software, it must be
fully justified else it will get rejected.
Also the new technologies discussed have many disadvantages and drawbacks. Efforts are on
to improve the performance, quality and reliability of the proposed devices. Many giant
companies are investing millions into research in order to solve the problem of ever
increasing demand.
The Proposed SNIFFER should be a self contained system. It should not be dependent on the
other application software for detecting attacks done on the system. Intrusion Detection
Prevention System should have its own network packet analyzer.
A packet sniffer is not just a hacker's tool. It can be used for network troubleshooting and
other useful purposes. However, in the wrong hands, a packet sniffer can capture sensitive
personal information that can lead to invasion of privacy, identity theft, and other serious
eventualities.